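<?php
/**
 * Admin page: edit one user's mail address and role.
 *
 * GET  ?user=<id>            renders the edit form (view/admin/roleedit.html).
 * POST ?user=<id> mail, role_id   updates the user row and redirects to role.php.
 *
 * Security notes:
 *  - Every request value that reaches SQL is checked against a strict
 *    allowlist first. The DB helpers (mGetRow/mGetAll/mQuery) live in
 *    lib/init.php and are not visible here, so parameter binding cannot be
 *    used from this file; switching those helpers to prepared statements
 *    is the proper long-term fix.
 *  - NOTE(review): acc() is used only as a login gate. Nothing here checks
 *    that the logged-in account may change other users' roles, and the POST
 *    carries no CSRF token. Both need to be confirmed in lib/init.php.
 */
require ('./lib/init.php');

// Require a logged-in session. header() alone does not stop the script, so
// without exit an anonymous request would still run the UPDATE below.
if (!acc()) {
    header('Location:login.php');
    exit;
}

// Target user id from the query string. A missing or array-valued parameter
// (?user[]=x) is treated as invalid.
$userId = $_GET['user'] ?? '';
$userId = is_string($userId) ? trim($userId) : '';

// Allowlist: letters, digits, '_' and '-'. This excludes quotes and
// backslashes, so the value cannot break out of the SQL string literal.
// Assumes ids are numeric or simple tokens; confirm against the schema.
if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $userId)) {
    error('用户Id不合法！','javascript:history.back(-1)');
    exit; // error() is defined elsewhere; stop here in case it returns
}

// The id is well-formed; make sure the user exists.
$sql = "select id from user where id = '$userId'";
$rs = mGetRow($sql);
if (!$rs) {
    error('用户Id不存在！','javascript:history.back(-1)');
    exit;
}

// Load all roles (read by the edit-form view).
$sql = "select * from role";
$roles = mGetAll($sql);

if (empty($_POST)) {
    // No form data: show the current values in the edit form.
    $sql = "select role_name,name,mail from user left join role on role.role_id = user.role_id where id = '$userId'";
    $userInfo = mGetRow($sql);
    include (ROOT . '/view/admin/roleedit.html');
} else {
    // Read the submitted values; non-string input (arrays) becomes ''.
    $newMail = $_POST['mail'] ?? '';
    $newMail = is_string($newMail) ? trim($newMail) : '';
    $newRoleId = $_POST['role_id'] ?? '';
    $newRoleId = is_string($newRoleId) ? trim($newRoleId) : '';

    // Mail: empty is still accepted, as before; otherwise a conservative
    // address pattern. FILTER_VALIDATE_EMAIL is not used because it accepts
    // a single quote in the local part, which is not safe to interpolate.
    if ($newMail !== '' && !preg_match('/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\z/', $newMail)) {
        error('邮箱格式不合法！','javascript:history.back(-1)');
        exit;
    }

    // Role id: same allowlist as the user id.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $newRoleId)) {
        error('角色Id不合法！','javascript:history.back(-1)');
        exit;
    }

    $sql = "update user set mail='$newMail',role_id='$newRoleId' where id = '$userId'";
    $rs = mQuery($sql);
    if (!$rs) {
        error('修改权限失败！','javascript:history.back(-1)');
        exit;
    }

    header('location:role.php');
    exit;
}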
